Do I Need Cyber Security Insurance?

It’s a sad reality that Australian businesses of all sizes are susceptible to cybercrime, not just large organisations. Did you know that over 55% of small businesses have experienced a data breach and nearly that many again have experienced multiple breaches?

Cybercrime costs Australian businesses a staggering $1 billion annually, yet it remains one of the least insured policy areas, despite being a smart precaution for any size business.

We explain cyber security insurance, what it covers, and provide some guidelines to help you determine whether it’s worth it and how to potentially minimise the cost of a policy.

What Is Cyber Security Insurance?

Cyber Insurance provides cover for financial loss and expenses that businesses may suffer as a result of a cybercrime event, including cyber-attacks from malware or other invasive software, cyber extortion and social engineering.

Examples include a data breach involving the theft of sensitive customer information, credit card fraud, or business systems being corrupted by a virus.

Insurance Coverage

What Is Typically Covered

  • Investigation costs
  • Extortion costs
  • Business interruption costs (loss of profit and operational expenses)
  • Breach notification costs
  • Data recovery and system damage
  • Fine and penalties
  • Media Liability
  • Crisis management costs

Additional coverage may also be available such as:

  • Contingent Business Interruption
  • Social Engineering and Funds Transfer Fraud
  • Payment Card Data Security Liability

What Isn’t Covered

Cyber insurance policies generally do not cover:

  • Potential future lost profit
  • The cost to improve internal technology / equipment
  • Property damage
  • Loss of value due to theft of intellectual property
  • Software and security upgrade costs after a cyber event
  • Prior known circumstances (before the policy commenced).

protect your business with cyber security services

The Cost of Cyber Insurance

The cost of cyber insurance depends on a number of factors that vary from business to business. It’s important to understand the factors which may affect your rate so you can better control your costs and still obtain appropriate coverage.

Data Access

Your cyber security premiums will be influenced by who can access your data and systems. Third party IT partners such as cloud providers may be deemed a greater risk than only having internal IT staff accessing data. And limiting access to only the necessary employees, customers and partners can help minimise risk and the policy cost.

Coverage Limits and Needs

Like most insurance policies, your cyber insurance cost will increase if you increase your coverage limits. For instance, a $2 million policy will cost you more in premiums than a $50,000 policy.

Network Security

The risk of cyber threats like computer attacks, data compromise and extortion increase if you store sensitive data on unsecured networks. If you can demonstrate that you implement effective cyber security such as maintaining antivirus software, professional network firewalls and password management, it may lower your cost.


Professions such as medical practices, IT companies and accounting firms that collect and store large amounts of sensitive data, typically pay more for cyber insurance. This is simply because it costs more to recover from a cyber incident that involves large amounts of sensitive data.

Do I Really Need Cyber Security Insurance?

As a rule of thumb, a business that meets any of the following criteria would benefit from cyber insurance:

  • Businesses that use email
  • Any business that trades via an online platform or website
  • Any business that deals with customer data
  • Businesses who rely on EFTPOS machines
  • Businesses who rely on IT systems to conduct their business

In short, any business that electronically stores or processes any form of sensitive information or data needs cyber security insurance – which means most businesses in this day and age!

How to Select the Right Cover

Cyber insurance policy cover can range from hundreds to millions of dollars, depending on the risks, type of business and likely cost of an attack. To help determine the right cover for your business, start by asking:

  • What is the likely business impact if my website or business is taken offline for days or even weeks?
  • Could my business survive if we experience significant losses due to a customer data breach?
  • Could my business survive the reputation and brand damage?

You should then consider:

  • The type of risks your business is exposed to
  • The likely cost to manage and recover from an attack
  • The nature and amount of customer data you store
  • The current security arrangements in place to protect this data
  • The quality of the cover your suppliers and cloud hosting providers have in place to protect your data.

Step One: Review your current security policy and processes

Before purchasing cyber security insurance for your business, ensure you have effective cyber security procedures and systems in place, to help reduce the cost of cover.

An experienced IT company like Surety IT can conduct an IT Health Check to review your current IT and provide recommendations for improvement. We can also work closely with you to develop your business Cyber Security Strategy and implement effective security systems and processes to minimise the risk of cybercrime.

If your business experiences a cyber crime event, Surety IT can support you through our best-practice backup and recovery process so your business critical information and intellectual property is restored quickly. We can also work closely with you to identify security vulnerabilities and implement best-practice cyber security technology and procedures.

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top